Listing of Claims

1. (Original) A method of controlling updates of a programmable memory of
a device, the method comprising: 

obtaining an update image corresponding to the update of the programmable memory; 

obtaining a certificate associated with the update image, the certificate having update 
application rules in at least one extension of the certificate; 

extracting the update application rules from the at least one extension of the obtained 
certificate; and 

selectively updating the programmable memory based on the update image and the 
update application rules extracted from the obtained certificate. 

2. (Original) A method according to Claim 1, wherein the update application 
rules comprise at least one of rules information associated with a manufacturer of the device, 
rules information associated with a brand of the device, rules information associated with a 
software version of the device, rules information associated with a license authorization of 
the device or rules associated with the individual device. 

3. (Original) A method according to Claim 1, wherein the update application 
rules comprise rules defining devices for which application of the update image is authorized. 

4. (Original) A method according to Claim 3, wherein the rules defining 
devices comprise rules specifying at least one of authorized device serial numbers, authorized 
firmware versions, authorized device manufacturers and authorized users associated with a 
device. 

5. (Original) A method according to Claim 1, wherein the update application 
rules comprise rules defining how data from the update image is utilized to update the 
programmable memory. 

6. (Original) A method according to Claim 1, wherein the update application 
rules comprise rules which identify installation information provided with the update image 
and wherein the step of updating the programmable memory comprises updating the
programmable memory utilizing the installation information provided with the update image. 

7. (Original) A method according to Claim 6, wherein the installation 
information comprises an install program and wherein the step of updating the programmable 
memory utilizing the installation information comprises executing the install program to 
write the update data to the programmable memory. 

8. (Original) A method according to Claim 1, further comprising verifying
the authenticity of the update image. 

9. (Original) A method according to Claim 8, wherein the step of verifying 
the authenticity of the update comprises the step of evaluating the certificate associated with 
the update image to determine if a valid digital signature is provided with the image. 

10. (Original) A method according to Claim 8, wherein the step of verifying 
the authenticity of the update image comprises the step of determining if a valid digital 
signature is provided with the image by decrypting the digital signature provided with the 
image using a shared secret. 

11. (Original) A method according to Claim 9, wherein the step of evaluating
the certificate comprises the steps of: 

decrypting a digital signature of the certificate utilizing a public key of a certificate 
authority accessible to the update program; and 

comparing the decrypted digital signature with a precomputed value to determine if 
the digital signature is a valid digital signature associated with the certificate authority. 

12. (Original) A method according to Claim 11, wherein the public key is
stored in a non-updateable memory.

13. (Original) A method according to Claim 11, further comprising the steps of:

providing the public key of the certificate authority in a previous version of data to be 
stored in the programmable memory; and 

wherein the step of decrypting a digital signature of the certificate utilizing a public 
key further comprises the step of obtaining the public key from the programmable memory. 

14. (Original) A method according to Claim 8, wherein the update image 
includes a plurality of certificates in a hierarchy of certificates and wherein the step of 
verifying the authenticity of the update comprises the step of evaluating certificates of the 
plurality of certificates in the update image to determine if a valid digital signature is 
provided with the certificates of the update image. 

15. (Original) A method according to Claim 14, wherein the step of 
evaluating each of the digital certificates comprises the steps of: 

decrypting a digital signature of a certificate utilizing a public key associated with a 
next-higher certificate in the hierarchy; 

comparing the decrypted digital signature with a precomputed value to determine if 
the digital signature is a valid digital signature associated with the certificate; 

obtaining a public key associated with another of the digital certificates; 

repeating the steps of decrypting and comparing utilizing the obtained public key 
associated with another of the digital certificates; and 

wherein the step of obtaining a public key is repeated until a public key associated 
with a digital certificate of a trusted certificate authority is obtained, and comparing the of the 
trusted certificate authority public key with a predetermined value. 

16. (Original) A method according to Claim 1, wherein the update image
includes a plurality of certificates in a hierarchy of certificates and wherein the extracting the
update application rules comprises the step of extracting update application rules from each
of the certificates in the hierarchy of certificates having update application rules provided in 
an extension of the certification.

17. (Original) A method according to Claim 16, wherein the programmable
memory is updated with the update image only if all of the update application rules indicate 
that the update image is applicable to the device. 

18. (Original) A method according to Claim 16, wherein the programmable
memory is updated with the update image if any of the update application rules indicate that 
the update image is applicable to the device. 

19. (Original) A method according to Claim 1, wherein the programmable 
memory is updated with the update image if any of the update application rules indicate that 
the update image is applicable to the device. 

20. (Original) A method according to Claim 1, wherein the programmable 
memory is updated with the update image only if all of the update application rules indicate 
that the update image is applicable to the device. 
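
Added example, not part of the claims as filed and not the applicants' implementation: the flow of claims 1, 11, 15, 16, 17 and 18 written out in Python. Assumptions: certificates are modelled as JSON dictionaries rather than X.509, the extension name updateRules is hypothetical, signatures are unpadded textbook RSA over toy keys, and the key of the lowest certificate in the hierarchy signs the image.

```python
import hashlib
import json

def make_key(p, q, e=65537):
    # Toy textbook-RSA key (assumption: unpadded and far too small for real use).
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(obj, n):
    data = obj if isinstance(obj, bytes) else json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(obj, key):
    return pow(digest(obj, key["n"]), key["d"], key["n"])

def verify(obj, sig, pub):
    # "Decrypt" the signature with the public key, then compare the result
    # with the locally computed value (claims 11 and 15).
    n, e = pub
    return pow(sig, e, n) == digest(obj, n)

def make_cert(subject, subject_key, issuer_key, rules):
    body = {"subject": subject, "pub": [subject_key["n"], subject_key["e"]],
            "ext": {"updateRules": rules}}  # hypothetical extension name
    return {"body": body, "sig": sign(body, issuer_key)}

def rule_matches(rule, device):
    # A rule maps a device attribute to its authorized values (claims 3 and 4).
    return all(device.get(attr) in allowed for attr, allowed in rule.items())

def authorize_update(image, image_sig, chain, device, policy="all"):
    """chain[0] signs the image, chain[i + 1] issued chain[i], chain[-1] is the root."""
    if not chain or not verify(image, image_sig, chain[0]["body"]["pub"]):
        return False
    # Walk up the hierarchy; the self-signed root is checked against itself.
    for cert, issuer in zip(chain, chain[1:] + chain[-1:]):
        if not verify(cert["body"], cert["sig"], issuer["body"]["pub"]):
            return False
    # The top key must equal the pinned value (claim 15, last step).
    if chain[-1]["body"]["pub"] != TRUSTED_ROOT:
        return False
    # Collect rules from every certificate that carries them (claim 16).
    results = [rule_matches(c["body"]["ext"]["updateRules"], device)
               for c in chain if c["body"]["ext"].get("updateRules")]
    if not results:
        return False  # assumption: no rules means no authorization
    # "all" is claim 17, "any" is claim 18.
    return all(results) if policy == "all" else any(results)

# Constructed sample data; Mersenne primes keep the toy keys reproducible.
ROOT_KEY = make_key(2**107 - 1, 2**127 - 1)
VENDOR_KEY = make_key(2**61 - 1, 2**89 - 1)
TRUSTED_ROOT = [ROOT_KEY["n"], ROOT_KEY["e"]]  # stands in for claim 12's non-updateable memory
ROOT_CERT = make_cert("Example Root CA", ROOT_KEY, ROOT_KEY,
                      {"manufacturer": ["ExampleCorp"]})
VENDOR_CERT = make_cert("Example Firmware Signer", VENDOR_KEY, ROOT_KEY,
                        {"firmware": ["1.0", "1.1"], "serial": ["SN-0001", "SN-0002"]})
CHAIN = [VENDOR_CERT, ROOT_CERT]
IMAGE = b"constructed firmware image 1.2"
IMAGE_SIG = sign(IMAGE, VENDOR_KEY)
DEVICE = {"manufacturer": "ExampleCorp", "firmware": "1.1", "serial": "SN-0001"}

if __name__ == "__main__":
    print(authorize_update(IMAGE, IMAGE_SIG, CHAIN, DEVICE))
```

A device whose serial number is not listed is refused under the "all" policy but accepted under "any", because the root certificate's manufacturer rule still matches; that difference is the practical gap between claims 17 and 18.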

21. (Original) A system for controlling updates of a programmable memory
of a device, comprising: 

means for obtaining an update image corresponding to the update of the 
programmable memory; 

means for obtaining a certificate associated with the update image, the certificate 
having update application rules in at least one extension of the certificate; 

means for extracting the update application rules from the at least one extension of the 
obtained certificate; and 

means for selectively updating the programmable memory based on the update image 
and the update application rules extracted from the obtained certificate. 

22. (Original) A system according to Claim 21, wherein the update
application rules comprise at least one of rules information associated with a manufacturer of 
the device, rules information associated with a brand of the device, rules information 
associated with a software version of the device, rules information associated with a license
authorization of the device or rules associated with the individual device. 

23. (Original) A system according to Claim 21, wherein the update 
application rules comprise rules defining devices for which application of the update image is
authorized. 

24. (Original) A system according to Claim 23, wherein the rules defining 
devices comprise rules specifying at least one of authorized device serial numbers, authorized 
firmware versions, authorized device manufacturers and authorized users associated with a 
device. 

25. (Original) A system according to Claim 21, wherein the update 
application rules comprise rules defining how data from the update image is utilized to update
the programmable memory. 

26. (Original) A system according to Claim 21, wherein the update 
application rules comprise rules which identify installation information provided with the 
update image and wherein the means for updating the programmable memory comprises 
means for updating the programmable memory utilizing the installation information provided 
with the update image. 

27. (Original) A system according to Claim 26, wherein the installation 
information comprises an install program and wherein means for updating the programmable 
memory utilizing the installation information comprises means for executing the install 
program to write the update data to the programmable memory. 

28. (Original) A system according to Claim 21, further comprising means for
verifying the authenticity of the update image.

29. (Original) A system according to Claim 28, wherein the means for
verifying the authenticity of the update comprises means for evaluating the certificate 
associated with the update image to determine if a valid digital signature is provided with the
image. 

30. (Original) A system according to Claim 28, wherein the means for 
verifying the authenticity of the update image comprises means for determining if a valid 
digital signature is provided with the image by decrypting the digital signature provided with 
the image using a shared secret. 

31. (Original) A system according to Claim 29, wherein the means for 
evaluating the certificate comprises: 

means for decrypting a digital signature of the certificate utilizing a public key of a 
certificate authority accessible to the update program; and 

means for comparing the decrypted digital signature with a precomputed value to 
determine if the digital signature is a valid digital signature associated with the certificate 
authority. 

32. (Original) A system according to Claim 31, wherein the public key is 
stored in a non-updateable memory. 

33. (Original) A system according to Claim 31, further comprising: 

means for providing the public key of the certificate authority in a previous version of 
data to be stored in the programmable memory; and 

wherein the means for decrypting a digital signature of the certificate utilizing a 
public key further comprises means for obtaining the public key from the programmable 
memory. 

34. (Original) A system according to Claim 28, wherein the update image 
includes a plurality of certificates in a hierarchy of certificates and wherein the means for 
verifying the authenticity of the update comprises means for evaluating certificates of the 
plurality of certificates in the update image to determine if a valid digital signature is
provided with evaluated certificates of the update image. 

35. (Original) A system according to Claim 34, wherein the means for 
evaluating each of the digital certificates comprises: 

means for decrypting a digital signature of a certificate utilizing a public key
associated with a next-higher certificate in the hierarchy; 

means for comparing the decrypted digital signature with a precomputed value to 
determine if the digital signature is a valid digital signature associated with the certificate; 

means for obtaining a public key associated with another of the digital certificates; 

means for repeatedly obtaining a public key, decrypting a digital signature and 
comparing the decrypted digital signature with a precomputed value until a public key 
associated with a digital certificate of a trusted certificate authority is obtained; and 

means for comparing the public key of the digital certificate of the trusted certificate 
authority with a predetermined value. 

36. (Original) A system according to Claim 21, wherein the update image 
includes a plurality of certificates in a hierarchy of certificates and wherein the means for 
extracting the update application rules comprises means for extracting update application 
rules from each of the certificates in the hierarchy of certificates having update application
rules provided in an extension of the certification. 

37. (Original) A system according to Claim 36, wherein the programmable 
memory is updated with the update image only if all of the update application rules indicate 
that the update image is applicable to the device. 

38. (Original) A system according to Claim 36, wherein the programmable 
memory is updated with the update image if any of the update application rules indicate that 
the update image is applicable to the device.

39. (Original) A system according to Claim 21, wherein the programmable
memory is updated with the update image if any of the update application rules indicate that 
the update image is applicable to the device. 

40. (Original) A system according to Claim 21, wherein the programmable 
memory is updated with the update image only if all of the update application rules indicate 
that the update image is applicable to the device. 

41. (Original) A computer program product for controlling updates of a
programmable memory of a device, comprising: 

a computer readable media having computer readable program code embodied 
therein, the computer readable program code comprising: 

computer readable program code which obtains an update image corresponding to the 
update of the programmable memory; 

computer readable program code which obtains a certificate associated with the 
update image, the certificate having update application rules in at least one extension of the 
certificate; 

computer readable program code which extracts the update application rules from the 
at least one extension of the obtained certificate; and 

computer readable program code which selectively updates the programmable 
memory based on the update image and the update application rules extracted from the 
obtained certificate. 

42. (Original) A computer program product according to Claim 41, wherein 
the update application rules comprise at least one of rules information associated with a 
manufacturer of the device, rules information associated with a brand of the device, rules 
information associated with a software version of the device, rules information associated 
with a license authorization of the device or rules associated with the individual device.

43. (Original) A computer program product according to Claim 41, wherein
the update application rules comprise rules defining devices for which application of the 
update image is authorized. 

44. (Original) A computer program product according to Claim 43, wherein 
the rules defining devices comprise rules specifying at least one of authorized device serial 
numbers, authorized firmware versions, authorized device manufacturers and authorized 
users associated with a device. 

45. (Original) A computer program product according to Claim 41, wherein 
the update application rules comprise rules defining how data from the update image is
utilized to update the programmable memory. 

46. (Original) A computer program product according to Claim 41, wherein
the update application rules comprise rules which identify installation information provided 
with the update image and wherein the computer readable program code which updates the 
programmable memory comprises computer readable program code which updates the 
programmable memory utilizing the installation information provided with the update image. 

47. (Original) A computer program product according to Claim 46, wherein 
the installation information comprises an install program and wherein the computer readable 
program code which updates the programmable memory utilizing the installation information 
comprises computer readable program code which executes the install program to write the 
update data to the programmable memory. 

48. (Original) A computer program product according to Claim 41, further 
comprising computer readable program code which verifies the authenticity of the update 
image. 

49. (Original) A computer program product according to Claim 48, wherein
the computer readable program code which verifies the authenticity of the update comprises
computer readable program code which evaluates the certificate associated with the update
image to determine if a valid digital signature is provided with the image.

In re: Hind et al.
Serial No.: 09/614,983
Filed: July 12, 2000
Page 11 of 17

50. (Original) A computer program product according to Claim 48, wherein 
the computer readable program code which verifies the authenticity of the update image 
comprises computer readable program code which determines if a valid digital signature is 
provided with the image by decrypting the digital signature provided with the image using a 
shared secret. 

51. (Original) A computer program product according to Claim 49, wherein
the computer readable program code which evaluates the certificate comprises: 

computer readable program code which decrypts a digital signature of the certificate 
utilizing a public key of a certificate authority accessible to the update program; and 

computer readable program code which compares the decrypted digital signature with 
a precomputed value to determine if the digital signature is a valid digital signature associated 
with the certificate authority. 

52. (Original) A computer program product according to Claim 51, wherein 
the public key is stored in a non-updateable memory. 

53. (Original) A computer program product according to Claim 51, further 
comprising: 

computer readable program code which provides the public key of the certificate 
authority in a previous version of data to be stored in the programmable memory; and 

wherein the computer readable program code which decrypts a digital signature of the 
certificate utilizing a public key further comprises computer readable program code which 
obtains the public key from the programmable memory. 

54. (Original) A computer program product according to Claim 48, wherein 
the update image includes a plurality of certificates in a hierarchy of certificates and wherein 
the computer readable program code which verifies the authenticity of the update comprises 
computer readable program code which evaluates certificates of the plurality of certificates in
the update image to determine if a valid digital signature is provided with the evaluated 
certificates of the update image. 

55. (Original) A computer program product according to Claim 54, wherein 
the computer readable program code which evaluates each of the digital certificates 
comprises: 

computer readable program code which decrypts a digital signature of a certificate 
utilizing a public key associated with a next-higher certificate in the hierarchy; 

computer readable program code which compares the decrypted digital signature with 
a precomputed value to determine if the digital signature is a valid digital signature associated 
with the certificate; 

computer readable program code which obtains a public key associated with another 
of the digital certificates; 

computer readable program code which repeatedly obtains a public key, decrypts a 
digital signature and compares the decrypted digital signature with a precomputed value until 
a public key associated with a digital certificate of a trusted certificate authority is obtained; 
and 

computer readable program code which compares the public key of the digital 
certificate of the trusted certificate authority with a predetermined value. 

56. (Original) A computer program product according to Claim 41, wherein
the update image includes a plurality of certificates in a hierarchy of certificates and wherein
the computer readable program code which extracts the update application rules comprises
computer readable program code which extracts update application rules from each of the
certificates in the hierarchy of certificates having update application rules provided in an
extension of the certification.

57. (Original) A computer program product according to Claim 56, wherein 
the programmable memory is updated with the update image only if all of the update 
application rules indicate that the update image is applicable to the device.

58. (Original) A computer program product according to Claim 56, wherein
the programmable memory is updated with the update image if any of the update application 
rules indicate that the update image is applicable to the device. 

59. (Original) A computer program product according to Claim 41, wherein
the programmable memory is updated with the update image if any of the update application 
rules indicate that the update image is applicable to the device. 

60. (Original) A computer program product according to Claim 41, wherein
the programmable memory is updated with the update image only if all of the update 
application rules indicate that the update image is applicable to the device. 



61-74. Cancelled. 



